<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>评论页面</title>
    <!-- 引入样式表 -->
    <link rel="stylesheet" href="/node_modules/bootstrap/dist/css/bootstrap.css">   
</head>
<body>
    <div class="container">
        <div class="row">
            <div class="col-md-12">
                <div class="col-md-6 col-md-offset-3">
                    <div class="pannel panel-danger">
                        <div class="panel-heading">
                            <h2>评论页面</h2>
                        </div>
                        <div class="panel-body">
                            <ul class="list-group"></ul>
                        </div>
                        <div class="panel-footer">
                            <form onsubmit="addComment(event)">
                                <div class="form-group">
                                    <label for="content" class="control-label">内容</label>
                                    <input type="text" id="content" class="form-control">
                                </div>
                               <div class="form-group">
                                   <input type="submit" value="发表" class="btn-primary">
                                   <a href="/pay.html" class="btn btn-danger">去转账</a>
                               </div>
                            </form>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
    <!-- 引入jquery -->
    <script src="/node_modules/jquery/dist/jquery.js"></script>  
    <script>
        function getList(params){
            $.get('/api/list').then(res=>{
                if(res.code === 0){
                    let html = ``;
                    res.comments.forEach(element => {
                        html+=`<Li class="list-group-item"> ${element.username}${encodeHtml(element.content)}</Li>`
                    })
                    $('.list-group').html(html);  //插入list-group的html中
                }
            }) 
        }
        getList();


        // 1.客服端传递给服务器时 需要校正先过滤一下
        // 2.服务端再做一次过滤
        // 3.直接在输出的时候过滤
        function encodeHtml(str){
            return str.replace(/&/g,'&amp')
               .replace(/"/g,'&quot')
               .replace(/'/g,'&apos')
               .replace(/</g,'&lt')
               .replace(/>/g,'&gt')
        }
        function addComment(e){
            e.preventDefault();
            //发表功能
            let content = encodeHtml($('#content').val())
            $.post('/api/addcomment',{content}).then(res=>{
                if(res.code === 1){
                    location.href = '/login.html'
                }else{
                    getList();   //评论成功获取最新列表
                }
            })
        }
    </script>
</body>
</html>
<!-- 微博 访问时会以自己的身份发一条恶意微博 -->